CVE-2020-12459

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-29 16:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-12459

Mitre link : CVE-2020-12459


JSON object : View

Products Affected

grafana

  • grafana
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor